CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3588 – memory contents disclosure in cli_feat_read_cb
https://notcve.org/view.php?id=CVE-2021-3588
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. La función cli_feat_read_cb() en src/gatt-database.c no realiza comprobaciones de límites en la variable 'offset' antes de utilizarla como índice en un array para su lectura • https://github.com/bluez/bluez/issues/70 https://security.gentoo.org/glsa/202209-16 • CWE-125: Out-of-bounds Read CWE-788: Access of Memory Location After End of Buffer •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-24490 – kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events
https://notcve.org/view.php?id=CVE-2020-24490
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Unas restricciones de búfer inapropiadas en BlueZ pueden permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio de un acceso adyacente. Esto afecta a todas las versiones del kernel de Linux que admiten BlueZ A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://access.redhat.com/security/cve/CVE-2020-24490 https://bugzilla.redhat.com/show_bug.cgi?id=1888449 https://access.redhat.com/security/vulnerabilities/BleedingTooth • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2020-12352 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12352
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso adyacente An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. • https://www.exploit-db.com/exploits/49754 http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 https://access.redhat.com/security/cve/CVE-2020-12352 https://bugzilla.redhat.com/show_bug.cgi?id=1886529 https://access.redhat.com/security/vulnerabilities& • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-909: Missing Initialization of Resource •
CVSS: 8.8EPSS: 5%CPEs: 5EXPL: 0CVE-2020-27153 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
https://notcve.org/view.php?id=CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la detección del servicio, debido a un evento MGMT de desconexión redundante • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html https://bugzilla.redhat.com/show_bug.cgi?id=1884817 https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html https://security.gentoo.org/glsa/202011-01 https://www.debian.org/security/2021/dsa-4951& • CWE-415: Double Free CWE-416: Use After Free •